CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50588 – Unprotected Exposed Firebird Database with default credentials
https://notcve.org/view.php?id=CVE-2024-50588
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. ... Un atacante no autenticado con acceso a la red local del consultorio médico puede utilizar credenciales predeterminadas conocidas para obtener acceso remoto de administrador de base de datos a la base de datos Firebird de Elefant. ... HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-419: Unprotected Primary Channel CWE-1393: Use of Default Password •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-44765
https://notcve.org/view.php?id=CVE-2024-44765
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2.0.0 to v2.4.2 allows attackers to escalate privileges and access sensitive information via manipulation of the Nginx configuration file. An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality. • http://mgt-commerce.com https://github.com/EagleTube/CloudPanel/tree/main/CVE-2024-44765 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25431
https://notcve.org/view.php?id=CVE-2024-25431
An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. • https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39 https://github.com/bytecodealliance/wasm-micro-runtime/issues/3122 https://github.com/bytecodealliance/wasm-micro-runtime/pull/3126 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-40239
https://notcve.org/view.php?id=CVE-2024-40239
An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. • https://play.google.com/store/apps/details?id=com.hitbytes.minidiarynotes https://zzzxiin.github.io/post/life-personal-diary •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-40240
https://notcve.org/view.php?id=CVE-2024-40240
An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. • http://homeserve.com https://apkpure.com/homeserve-home-repair/com.homeserveapp.homeserve https://zzzxiin.github.io/post/homeserve •